12-04-2007 09:39 AM - edited 03-05-2019 07:48 PM
Dears,
I have two Cisco routers connected to a firewall through a multi-layer switch. I tried to configure GLBP on the two routers on the FastEthernet interface, but the problem is that when I shut down the fa interface to test GLBP, the router remains in the "Init state" and didn't go to standby state. This means that the second router will not handle the traffic!!
Any advice... Thanks
12-04-2007 09:43 AM
Can you post the portion of the config from those 2 devices along with the show glbp output ?
12-04-2007 10:08 AM
It is a basic GLBP configuration... see following:
Router1:
glbp 1 ip
glbp 1 priority 150
glbp 1 preempt
glbp 1 load-balancing round-robin
Router2:
glbp 1 ip
glbp 1 priority 100
glbp 1 preempt
glbp 1 load-balancing round-robin
12-04-2007 10:30 AM
Still missing the show glbp output while the interface is shutdown.
12-04-2007 10:14 PM
12-05-2007 05:48 AM
Any help??
12-05-2007 06:08 AM
It will be in init state as long as the interface is down. It cannot be in standby if the interface is down. Also, it cannot know the state of the partner, so it assumes that is init as well.
Have a look at the show glbp on the remaining router. You will see the shut-down one as init and the other as active.
Then re-enable the original. They will both be active forwarders. But only one will be active virtual gateway, while the other will be standby.
Kevin Dorrell
Luxembourg
12-05-2007 06:12 AM
This is right, but the second router must handle all the traffic and this didn't happen!!!???
12-05-2007 06:15 AM
So could you post the show glbp and show int at the router that you didn't shut down?
Also, I assume your firewall has a static route to targeted at the virtual address of the GLBP group, yes?
In any case, I don't think you are going to get the traffic from the firewall load-balanced between the two routers. GLBP works by having a different MAC address for each forwarder, and handing each host one of the two MAC addresses in response to the ARP. One host (like one firewall) will operate on one MAC address. When a router fails, its partner takes its MAC address as well as its own.
You might be better off load-sharing at layer-3 using OSPF. That really can load-share per-packet.
Kevin Dorrell
Luxembourg
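The behaviour described in the post above, as an added toy model that is not part of the original thread: virtual MACs are handed out round-robin per ARPing host, so a single firewall lands on one forwarder, and on failure the partner takes over the failed router's MAC. Router names follow the thread; the virtual MAC values, host names and packet counts are constructed.

```python
from collections import Counter
from itertools import cycle


class GlbpGroup:
    """Toy model of one GLBP group (not a protocol implementation)."""

    def __init__(self, forwarders):
        # forwarders: {router name: virtual MAC}; MAC values are constructed.
        self.owner = {mac: name for name, mac in forwarders.items()}
        self._round_robin = cycle(list(forwarders.values()))
        self.arp_cache = {}  # host -> virtual MAC it learned for the virtual IP

    def arp_reply(self, host):
        # Each ARPing host is handed the next virtual MAC and then caches it.
        if host not in self.arp_cache:
            self.arp_cache[host] = next(self._round_robin)
        return self.arp_cache[host]

    def fail(self, router, survivor):
        # The partner takes over the failed router's virtual MAC as well as
        # its own; hosts keep their ARP entries unchanged.
        for mac, name in self.owner.items():
            if name == router:
                self.owner[mac] = survivor

    def traffic_share(self, flows):
        # flows: iterable of (host, packets) sent to the virtual IP.
        share = Counter()
        for host, packets in flows:
            share[self.owner[self.arp_reply(host)]] += packets
        return dict(share)


def new_group():
    return GlbpGroup({"Router1": "0007.b400.0101", "Router2": "0007.b400.0102"})


def demo():
    lan, fw = new_group(), new_group()
    hosts = [(f"host{i}", 25) for i in range(4)]   # four ARPing hosts
    firewall = [("firewall", 100)]                  # one ARPing device
    results = {"hosts": lan.traffic_share(hosts),
               "firewall": fw.traffic_share(firewall)}
    fw.fail("Router1", survivor="Router2")
    results["firewall_after_failure"] = fw.traffic_share(firewall)
    return results


if __name__ == "__main__":
    print(demo())
```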
12-05-2007 11:36 AM
Thank you Kevin Dorrell for your cooperation... The firewall has a default route to the "Virtual IP address", but I have a different real IP range on the firewall and NATing is implemented on the firewall. There is load sharing but it's unequal. What other solutions do you suggest?
12-05-2007 11:57 AM
Can your firewall do OSPF?
12-05-2007 12:01 PM
Yes, it is a Juniper firewall
12-05-2007 12:45 PM
I would go for OSPF then. Configure the two routers and the firewall as OSPF, and forget about the GLBP. In your routers, re-distribute your external routes into the OSPF with the same path cost.
(The routes in your firewall - are they statics, or are they picked up by OSPF on the untrusted zone? If they are statics, you must make sure they do not get redistributed if the output interface is down.)
The firewall should pick up routes via both routers. If I remember right, there is a parameter you have to set up in the Juniper to make it load balance, but once it is set, it works quite well.
Kevin Dorrell
Luxembourg
12-06-2007 04:46 AM
What if I configure two default routes on my firewall? The first route considers router one as a next hop and the second route considers router 2 as a next hop?
12-06-2007 05:24 AM
That would work for the outgoing load balancing, but it would not failover correctly if one of the routers failed. The inaccessible static default route would still be in your firewall and would sink half the traffic.
Kevin Dorrell
Luxembourg